Detangling Cyber Attack Patterns


Nine basic attack patterns have accounted for the vast majority of cyber security incidents in the last decade, according to Verizon security research released in late April.

For the 2014 “Data Breach Investigations Report,” an annual examination of global cyber attacks and breaches, researchers examined 100,000 security incidents from the past decade.

More than 90 percent of data breaches fell into these categories:

  • Point-of-sale intrusions: Remote attacks that target retail transactions
  • Web app attacks: Typically involve exploitation of coding and authentication in web apps. “Web apps remain the proverbial punching bag of the Internet,” researchers wrote.
  • Insider and privilege misuse: Internal security breaches, typically for financial gain
  • Crimeware: Malicious programs used to control systems for illicit uses like stealing login credentials
  • Payment card skimmers: A growing set of crimes that involves physically tampering with payment machines
  • Cyber espionage: Unauthorized system access attributed to state-affiliated actors
  • Denial of Service (DoS) attacks: Any attack intended to compromise the availability of networks or systems
  • Miscellaneous errors: When the breach is the result of human error (such as accidentally emailing critical information)
  • Physical theft and loss

The report also examines trends that arose in 2013, a year in which the most widely publicized incident involved of data from 40 million debit and credit cards from Target stores. Researchers said the attack as indicative of a major trend in cyber security.

“2013 may be remembered as the 'year of the retailer breach,' but a comprehensive assessment suggests it was a year of transition from geopolitical attacks to large-scale attacks on payment card systems,” researchers wrote.

The 2013 analysis included 63,437 security incidents and 1,367 confirmed data breaches, reported to Verizon by 50 global security organizations.

Read the full report HERE.

Comments are closed.